Local Administrator Password Solution (LAPS) from Microsoft

Microsoft has released the Local Administrator Password Solution (LAPS). LAPS addresses the problem of using a common local account with an identical password on every Windows computer in a domain. It does so by setting a random, different password for the common local administrator account on every computer in the domain.

Local Administrator Password Solution

This solution automatically manages the local administrator password on domain-joined computers, so that the password is:

Unique on each managed computer

Randomly generated

Securely stored in AD infrastructure.

Its features include:

Security:

Random password that changes automatically on a regular basis

Password is protected in transit via Kerberos encryption

Password is protected in AD by AD ACL

Effective mitigation of pass-the-hash attacks

Manageability:

Configurable password parameters: age, complexity, length

Ability to force password reset

Security model integrated with AD ACLs

End-user UI can be any AD management tool of choice; PowerShell and a fat client are provided

Protection against computer account deletion

Easy implementation and minimal footprint

Extensibility:

Additional encryption of password stored in AD

Password history

Web UI.

Domain administrators who use this solution can determine which users, such as helpdesk administrators, are authorized to read passwords.
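The following is an added example, not code from the original post or from Microsoft: a PowerShell check that compares the principals able to read LAPS passwords in an OU against an approved list. The OU names, group names and sample rows are constructed; the row shape (ObjectDN, ExtendedRightHolders) follows the output of Find-AdmPwdExtendedRights from the AdmPwd.PS module that ships with LAPS.

```powershell
# Added example. OU names, group names and the sample rows are constructed.
# Rows mimic what Find-AdmPwdExtendedRights (AdmPwd.PS module) returns:
# an ObjectDN plus the ExtendedRightHolders able to read the stored password.
# Against a real domain, replace $sampleRows with:
#   Import-Module AdmPwd.PS
#   Find-AdmPwdExtendedRights -Identity 'Workstations'

function Get-UnexpectedLapsReader {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Rows,            # one row per OU
        [Parameter(Mandatory)] [string[]] $ApprovedReaders  # allowlist of principals
    )
    foreach ($row in $Rows) {
        foreach ($holder in @($row.ExtendedRightHolders)) {
            # -notcontains is case-insensitive, like AD principal names
            if ($ApprovedReaders -notcontains $holder) {
                [pscustomobject]@{
                    ObjectDN         = $row.ObjectDN
                    UnexpectedReader = $holder
                }
            }
        }
    }
}

# Constructed sample data: the second OU has a group that was never approved.
$sampleRows = @(
    [pscustomobject]@{
        ObjectDN             = 'OU=Workstations,DC=corp,DC=example'
        ExtendedRightHolders = @('NT AUTHORITY\SYSTEM', 'CORP\Domain Admins',
                                 'CORP\Helpdesk-LAPS-Readers')
    },
    [pscustomobject]@{
        ObjectDN             = 'OU=Kiosks,OU=Workstations,DC=corp,DC=example'
        ExtendedRightHolders = @('NT AUTHORITY\SYSTEM', 'CORP\Domain Admins',
                                 'CORP\Desktop-Support')
    }
)
$approved = @('NT AUTHORITY\SYSTEM', 'CORP\Domain Admins', 'CORP\Helpdesk-LAPS-Readers')

# Emit one finding per principal that can read passwords but is not approved.
$findings = @(Get-UnexpectedLapsReader -Rows $sampleRows -ApprovedReaders $approved)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) principal(s) can read LAPS passwords without approval."
}
```

Read access for an approved group is granted per OU with Set-AdmPwdReadPasswordPermission -OrgUnit <OU> -AllowedPrincipals <group>, also part of AdmPwd.PS.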

Once you have downloaded the zip file for your system, viz. 32-bit or 64-bit, from the Microsoft Download Center, extract the contents of Installers.zip to a folder. There will be two files, AdmPwd.Setup.x64.msi and AdmPwd.Setup.x86.msi. You may also want to download the LAPS Datasheet, Operations Guide and Technical Specifications documents, as they give a lot of information on how to use the tool. If you need additional information, visit TechNet.

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP.